Problem with server_bind_zonefile_dir

Discussion in 'Installation/Configuration' started by linuxfool, Dec 5, 2005.

  1. linuxfool

    linuxfool New Member

    Hello all,

    I seem to be experiencing an issue with the 'Management tool'

    It seems that if I go to server > settings > dns my setting for Zonefiles Dir. gets set back to /etc/bind -- since I'm running CentOS 4.2 with bind in a chroot, it should be '/var/named/chroot/var/named'

    If I set this to the correct setting -- and save it, it shows back up as '/etc/bind' immediately... If I look in the DB, server_bind_zonefile_dir is blank.

    If I issue the following mysql query, it shows up correctly... for a bit... then something I do (in ispconfig) or a cron job, sets it back to /etc/bind and the DB field to notta/empty -- I haven't found what's setting it back.

    mysql> update isp_server set server_bind_zonefile_dir = '/var/named/chroot/var/named' where doc_id=1;
    Query OK, 1 row affected (0.00 sec)
    Rows matched: 1 Changed: 1 Warnings: 0

    Any ideas?
    Thanks
     
  2. linuxfool

    linuxfool New Member

    Figured something out.

    If I change anything in 'Management' > 'settings'...

    For example to turn on Maildir

    Save my change -- and then go back to the 'dns' tab -- I see the issue.

    Thanks for any help.
    ns
     
  3. falko

    falko Super Moderator Howtoforge Staff

    Please post the output of
    Code:
    ls -la /var/named/chroot/var/named
    and
    Code:
    ls -la /etc/bind
     
  4. linuxfool

    linuxfool New Member

    ls -la /var/named/chroot/var/named
    total 56
    drwxr-x--- 4 root named 4096 Dec 3 20:11 .
    drwxrwx--- 5 root named 4096 Nov 29 21:35 ..
    lrwxrwxrwx 1 root root 6 Dec 3 20:09 chroot -> ../../
    drwxrwx--- 2 named named 4096 Dec 3 19:15 data
    -rw-r--r-- 1 root root 2769 Dec 3 20:02 named.ca
    -rw-r--r-- 1 root root 256 Dec 3 20:02 named.local
    -rw-r--r-- 1 named named 630 Dec 3 21:48 pri.0.168.192.in-addr.arpa
    -rw-r--r-- 1 named named 621 Dec 3 21:48 pri.0.168.192.in-addr.arpa~
    -rw-r--r-- 1 named named 790 Dec 3 21:49 pri.domain.net
    -rw-r--r-- 1 named named 784 Dec 3 21:49 pri.domain.net~
    drwxrwx--- 2 named named 4096 Jul 27 2004 slaves

    ==========================================

    ls -la /etc/bind
    ls: /etc/bind: No such file or directory

    ==========================================

    As long as the config remains pointing to the right place, it works like a charm. It's just when I change anything else in 'settings' it goes back to /etc/bind and the database field goes back to being empty.


    Thanks,
    ns
     
  5. falko

    falko Super Moderator Howtoforge Staff

    Ok, please also post the output of
    Code:
    ls -la /var/named/chroot/var
    ISPConfig uses PHP's realpath() function to write the right zonefiles directory into the database. I think that causes your problem...
     
  6. Azathoth

    Azathoth New Member

    I am having the same problem. I am also running CentOS 4.2 and ISPConfig 2.1.1, recently installed. The output you requested from the previous poster:

    Code:
    drwxr-x---  4 root named 4096 Dec  7 11:36 /var/named/
    drwxrwx---  5 root named 4096 Aug 18 10:39 /var/named/chroot/
    drwxrwx---  5 root named 4096 Aug 18 10:39 /var/named/chroot/var/
    drwxr-x---  4 root named 4096 Dec  7 12:24 /var/named/chroot/var/named/
    
    Applying the following patch to the installation of ISPConfig in /home/admispconfig resolves the issue so the problem is indeed related to the use of the realpath() function.

    Code:
    diff -ur /home/admispconfig/ispconfig.orig/lib/classes/ispconfig_isp_server.lib.php /home/admispconfig/ispconfig/lib/classes/ispconfig_isp_server.lib.php
    --- /home/admispconfig/ispconfig.orig/lib/classes/ispconfig_isp_server.lib.php  2005-12-05 06:23:07.000000000 +0100
    +++ /home/admispconfig/ispconfig/lib/classes/ispconfig_isp_server.lib.php       2005-12-07 12:30:19.000000000 +0100
    @@ -72,7 +72,7 @@
             if(!is_link($server["server_path_httpd_conf"])) $server["server_path_httpd_conf"] = realpath($server["server_path_httpd_conf"]);
             if(!is_link($server["server_path_httpd_root"])) $server["server_path_httpd_root"] = realpath($server["server_path_httpd_root"]);
             if(!is_link($server["server_path_httpd_error"])) $server["server_path_httpd_error"] = realpath($server["server_path_httpd_error"]);
    -        if(!is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
    +        //if(!is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
             if(!is_link($server["dist_init_scripts"])) $server["dist_init_scripts"] = realpath($server["dist_init_scripts"]);
             if(!is_link($server["dist_runlevel"])) $server["dist_runlevel"] = realpath($server["dist_runlevel"]);
             if(!is_link($server["dist_smrsh"])) $server["dist_smrsh"] = realpath($server["dist_smrsh"]);
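Review bot: The server_bind_zonefile_dir line in this hunk is commented out rather than guarded, so the setting loses path canonicalisation entirely and dead code stays in the file. The neighbouring assignments for server_path_httpd_conf, server_path_httpd_root, server_path_httpd_error and the dist_* keys still store the realpath() result unchecked, so a path that cannot be resolved would be overwritten in those fields the same way. Suggest assigning the realpath() result to a temporary variable and only writing it back to $server[...] when it is not false, for every line in this block.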
    @@ -127,7 +127,7 @@
             if(!@is_link($server["server_path_httpd_conf"])) $server["server_path_httpd_conf"] = realpath($server["server_path_httpd_conf"]);
             if(!@is_link($server["server_path_httpd_root"])) $server["server_path_httpd_root"] = realpath($server["server_path_httpd_root"]);
             if(!@is_link($server["server_path_httpd_error"])) $server["server_path_httpd_error"] = realpath($server["server_path_httpd_error"]);
    -        if(!@is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
    +        //if(!@is_link($server["server_bind_zonefile_dir"])) $server["server_bind_zonefile_dir"] = realpath($server["server_bind_zonefile_dir"]);
             if(!@is_link($server["dist_init_scripts"])) $server["dist_init_scripts"] = realpath($server["dist_init_scripts"]);
             if(!@is_link($server["dist_runlevel"])) $server["dist_runlevel"] = realpath($server["dist_runlevel"]);
             if(!@is_link($server["dist_smrsh"])) $server["dist_smrsh"] = realpath($server["dist_smrsh"]);
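Review bot: The block at line 127 repeats the block at line 72 apart from the @ in front of is_link(), so the same one-line edit has to be made by hand in two places and the two copies can drift. The @ also hides any is_link() warning while a failed realpath() still flows silently into $server. Suggest moving the normalisation into one function called from both sites, with the failure check inside it, and deleting the commented-out line instead of keeping it.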
    
    I am a bit unclear on why you are using realpath at all though. In CentOS 4.2 BIND is run in a chroot jail in /var/named/chroot. All paths in /var/named/chroot/var/named are symlinked to /var/named in the default installation. If I for example were to put the zone files in /var/named/data the zone files would be reachable by the same path in both the real filesystem and in the chroot jail.

    However, with the use of realpath() in ISPConfig /var/named/data is expanded to /var/named/chroot/var/named/data. This is written to /etc/named.conf. As BIND attempts to start it can't find the chroot directory in its chroot jail. The fix for this, without changing the ISPConfig source code, is to make an extra symlink in BIND's chroot jail:

    If ISPConfig didn't try to expand symlinks this wouldn't be necessary.
     
  7. falko

    falko Super Moderator Howtoforge Staff

    That's why realpath() fails: the directories can't be read by anyone else than root and named because of the permissions. If you changed the directories' permissions so that they can be read by anyone then realpath() would work.

    To prevent users from typing in wrong paths, etc.

    That's what I describe in the Fedora tutorials ( http://www.howtoforge.com/perfect_setup_fedora_core_4_p3 and http://www.howtoforge.com/perfect_setup_fedora_core_3_p3 ):

    Code:
    chmod 755 /var/named/
    chmod 775 /var/named/chroot/
    chmod 775 /var/named/chroot/var/
    chmod 755 /var/named/chroot/var/named/
    chmod 775 /var/named/chroot/var/run/
    chmod 777 /var/named/chroot/var/run/named/
    cd /var/named/chroot/var/named/
    ln -s ../../ chroot
    Fedora and CentOS are very similar.
     
  8. Azathoth

    Azathoth New Member

    This is not a good idea if sensitive data is stored in the zone file directory, such as DNSSEC information. I would either recommend that the realpath() function be run as a privileged user by ISPConfig or, if the realpath() function fails due to privilege problems, the path entered by the user is preserved as is.

    I can't find any error handler in the ISPConfig code that checks for sane return values from the realpath() function. Since the function returns an empty value on error it might be prudent to check for empty return values before inserting them into the SQL database.

    Thanks for pointing it out. I read through several of the guides before installing ISPConfig but I must have missed that specific detail.
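
The check proposed in this post, sketched as an added example (not ISPConfig's code and not written by the poster): `normalize_path_setting` is a hypothetical helper and the demo paths are constructed. It keeps the submitted path when `realpath()` fails instead of storing the empty result.

```php
<?php
// Added example: hypothetical helper, not part of ISPConfig.
// Canonicalise a path setting, but never replace a submitted value with
// the false/empty result realpath() gives when it cannot resolve the path.
function normalize_path_setting(string $submitted, ?string $previous = null): array
{
    $submitted = trim($submitted);
    if ($submitted === '') {
        // realpath('') resolves to the current directory, so handle an
        // empty form field explicitly and keep what is already stored.
        return ['value' => $previous, 'status' => 'kept-previous'];
    }
    if (@is_link($submitted)) {
        // Same rule as the original lines: symlinks are stored as typed.
        return ['value' => $submitted, 'status' => 'symlink-as-typed'];
    }
    $resolved = @realpath($submitted);
    if ($resolved === false || $resolved === '') {
        // realpath() returns false when the path does not exist or when the
        // PHP user lacks search (x) permission on a parent directory,
        // e.g. a chroot tree readable only by root and named.
        return ['value' => $submitted, 'status' => 'unresolved-kept-as-typed'];
    }
    return ['value' => $resolved, 'status' => 'resolved'];
}

// Constructed demo: one resolvable directory and one that cannot be resolved.
$base = sys_get_temp_dir() . '/zonedir_demo_' . getmypid();
mkdir($base . '/named', 0750, true);

$cases = [
    $base . '/named/../named',      // resolvable, gets canonicalised
    $base . '/chroot/var/named',    // constructed: does not exist
    '',                             // empty form field
];
foreach ($cases as $input) {
    $r = normalize_path_setting($input, '/var/named/chroot/var/named');
    printf("%-45s -> %-26s %s\n", var_export($input, true), $r['status'], $r['value']);
}

rmdir($base . '/named');
rmdir($base);
```

The `status` field lets the caller show a warning in the form when a path was stored unresolved, rather than silently writing an empty value to the database.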
     
  9. fayaz

    fayaz New Member

    ispconfig configuring prob

    hi

    1. The problem is in the ISP management --> server --> services: when I click on this
    it exits, going back to the login screen.
    2. Any entry made is not logged, like creating resellers/clients.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Please have a look here, it might be the same problem as with the missing pages:

    http://www.howtoforge.com/forums/showthread.php?t=241

    You must login with the URL that is in the config.inc.php file.
     
  11. ronee

    ronee Member HowtoForge Supporter

    Very similar to described issue with dns zone file location settings on 2.2.21

    Just wanted to post a note about this.

    I ran into nearly the same issue described above on version 2.2.21. I have installed and maintain many servers running ispconfig and this particular version seemed much more problematic than others, sometimes changes would not apply without restarting ispconfig and other oddities.

    At one point I attempted upgrading to 2.2.24 but the upgrade hung and had to be killed, and I had to restore the server to prior state via virtualization tools.

    Then just recently no dns changes could be applied and the dns recycle bin and isp recycle bins could not be emptied, configuration files being updated endlessly, etc.

    Noticed php segfaults in the logs, found the patch to downgrade to php5.0.4 for ispconfig operation, that worked but dns changes still could not be made. Also the path to dns zone files was incorrect but attempts to fix it were unsuccessful via the gui and had to be done directly in the database.

    Finally reset permissions on zone files as follows, after finding a recommendation to do so:

    chmod 755 /var/named/
    chmod 775 /var/named/chroot/
    chmod 775 /var/named/chroot/var/
    chmod 755 /var/named/chroot/var/named/
    chmod 775 /var/named/chroot/var/run/
    chmod 777 /var/named/chroot/var/run/named/

    then ran config file updates manually with:

    /root/ispconfig/php/php -q /root/ispconfig/scripts/writeconf.php

    and at that point all seems to be well


    Upgrading to 2.2.26 was thereafter successful.

    Hopefully this info is of use in case the issue arises in the future.
     
